On Thu, Sep 09, 2010, Natxo Asenjo wrote:
>On Wed, Sep 8, 2010 at 6:17 PM, Bill Campbell wrote:
>
>> I think it's a mistake to discount any attacks involving php as
>> the vast majority of the systems I have had to clean up after
>> cracks have been compromised through php vulnerabilities, usually
On Wed, Sep 8, 2010 at 6:17 PM, Bill Campbell wrote:
> I think it's a mistake to discount any attacks involving php as
> the vast majority of the systems I have had to clean up after
> cracks have been compromised through php vulnerabilities, usually
> in conjunction with weak user level password
John Doe wrote:
>> Every few days I see in the logwatch on my Centos-5.5 web-server
>> what seems like a rather feeble break-in attempt.
> Maybe just make sure you set apache ServerSignature to Off...
Thanks for the suggestion.
I looked at my /etc/httpd/conf/httpd.conf
and I saw that ServerSi
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> Behalf Of Bill Campbell
> Sent: Wednesday, September 08, 2010 12:17 PM
> To: centos@centos.org
> Subject: Re: [CentOS] Interpreting logwatch
> While fail2ban and swatch a
On 9/8/2010 9:52 AM, Matthew Miller wrote:
> On Wed, Sep 08, 2010 at 02:47:46PM +0100, Timothy Murphy wrote:
>> Thanks, I'll try that.
>> I had heard of fail2ban, but was slightly put off by the strange name;
>> what exactly is the name meant to convey?
> "to" as in the sense of "moving to", or
On Wed, Sep 08, 2010, Timothy Murphy wrote:
>Giles Coochey wrote:
>
>> The likelihood is that someone ran a vulnerability scanner against all
>> your available services, logwatch found evidence of that vulnerability
>> scan, and you should check whether any other vulnerabilities were scanned
>> for
Timothy Murphy wrote:
> m.r...@5-cent.us wrote:
>
>>> Every few days I see in the logwatch on my Centos-5.5 web-server
>>> what seems like a rather feeble break-in attempt.
>
>>> In fact, I'm not clear how one should deal with logwatch entries
>>> in general.
>>> Is there any document giving advice
On Wed, Sep 08, 2010 at 02:47:46PM +0100, Timothy Murphy wrote:
> Thanks, I'll try that.
> I had heard of fail2ban, but was slightly put off by the strange name;
> what exactly is the name meant to convey?
"to" as in the sense of "moving to", or "converting to". Failures (login
failures normally,
m.r...@5-cent.us wrote:
>> Every few days I see in the logwatch on my Centos-5.5 web-server
>> what seems like a rather feeble break-in attempt.
>> In fact, I'm not clear how one should deal with logwatch entries
>> in general.
>> Is there any document giving advice on this?
>
> We run fail2ban.
Giles Coochey wrote:
> The likelihood is that someone ran a vulnerability scanner against all
> your available services, logwatch found evidence of that vulnerability
> scan, and you should check whether any other vulnerabilities were scanned
> for and perhaps found...
>
> To do that you should m
From: Timothy Murphy
> Every few days I see in the logwatch on my Centos-5.5 web-server
> what seems like a rather feeble break-in attempt.
> Eg today I see
I get proxy scans and phpmyadmin (and others) vulnerability scans every day...
They just get 404s in return...
You can check the IPs in
Timothy Murphy wrote:
> Every few days I see in the logwatch on my Centos-5.5 web-server
> what seems like a rather feeble break-in attempt.
> Eg today I see
> ---
> 403 Forbidden
>/phpMyAdmin/scripts/setup.php: 2 Time(s)
>/phpmyadmin/scripts/setup.php: 2
>
> Every few days I see in the logwatch on my Centos-5.5 web-server what seems
> like a rather feeble break-in attempt.
> Eg today I see
> ---
> 403 Forbidden
>/phpMyAdmin/scripts/setup.php: 2 Time(s)
>/phpmyadmin/scripts/setup.php: 2 Time(s)
> 404
On Wed, Sep 08, 2010 at 01:33:18PM +0100, Timothy Murphy wrote:
> Every few days I see in the logwatch on my Centos-5.5 web-server
> what seems like a rather feeble break-in attempt.
That is what it is, and since it's so feeble, it's barely helpful to know
about it.
> In fact, I'm not clear how o
Every few days I see in the logwatch on my Centos-5.5 web-server
what seems like a rather feeble break-in attempt.
Eg today I see
---
403 Forbidden
/phpMyAdmin/scripts/setup.php: 2 Time(s)
/phpmyadmin/scripts/setup.php: 2 Time(s)
404 Not Found
/P